Jens Erat

#12592of 53,635
21.5Total CVSS
Vulnerabilities · 4
Medium
4
PT-2017-6404
6.1
2017-02-17
Inverse · Sogo · CVE-2014-9905
**Name of the Vulnerable Software and Affected Versions** SOGo versions prior to 2.2.0 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar component of SOGo. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific fields, including the title of an appointment or contact fields. **Recommendations** For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue.
PT-2017-8927
4.3
2017-02-17
Inverse · Sogo · CVE-2016-6189
**Name of the Vulnerable Software and Affected Versions** SOGo versions prior to 2.3.12 SOGo versions 3.x prior to 3.1.1 **Description** The issue allows remote authenticated users to obtain sensitive information by reading specific fields in calendar feeds. This is due to an incomplete blacklist. **Recommendations** For SOGo versions prior to 2.3.12, update to version 2.3.12 or later. For SOGo versions 3.x prior to 3.1.1, update to version 3.1.1 or later.
PT-2017-8928
4.3
2017-02-17
Inverse · Sogo · CVE-2016-6190
**Name of the Vulnerable Software and Affected Versions** SOGo versions prior to 2.3.12 SOGo versions 3.x prior to 3.1.1 **Description** The issue allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction. This is achieved by correlating UIDs and DTSTAMPs between all users, due to a lack of access restriction to the UID and DTSTAMP attributes. **Recommendations** For SOGo versions prior to 2.3.12, update to version 2.3.12 or later. For SOGo versions 3.x prior to 3.1.1, update to version 3.1.1 or later.
PT-2017-8926
6.8
2016-02-27
Inverse · Sogo · CVE-2016-6188
**Name of the Vulnerable Software and Affected Versions** SOGo version 2.3.7 **Description** A memory leak issue allows remote attackers to cause a denial of service by consuming memory via a large number of attempts to upload a large attachment, related to temporary files. **Recommendations** For SOGo version 2.3.7, consider restricting the size of attachments that can be uploaded to prevent excessive memory consumption until a patch is available. As a temporary workaround, monitor system resources closely to detect and mitigate potential denial-of-service attacks.